# # spec file for package iptables # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: iptables Version: 1.6.2 Release: 0 Summary: IP packet filter administration utilities License: GPL-2.0-only AND Artistic-2.0 Group: Productivity/Networking/Security Url: http://netfilter.org/projects/iptables/ #Git-Clone: git://git.netfilter.org/iptables Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig Source3: %name.keyring Patch3: iptables-batch.patch Patch4: iptables-apply-mktemp-fix.patch Patch5: iptables-batch-lock.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?fedora_version} || 0%{?centos_version} BuildRequires: sgml-common %endif %if 0%{?suse_version} BuildRequires: fdupes %endif #git#BuildRequires: autoconf, automake >= 1.10 BuildRequires: bison BuildRequires: flex >= 2.5.33 BuildRequires: libtool BuildRequires: pkg-config >= 0.21 BuildRequires: xz BuildRequires: pkgconfig(libmnl) >= 1.0 BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: pkgconfig(libnftnl) >= 1.0.5 Requires: xtables-plugins = %version-%release %description iptables is used to set up, maintain, and inspect the rule tables of the classic "ip6_tables" and "ip_tables" packet filters in the Linux kernel. %package nft Summary: nft packet filter administration utilties in the style of Xtables Group: Productivity/Networking/Security Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release %description nft The programs shipped in this subpackage behave like iptables on the command line, but instead edits the rules of the nft packet filter in the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit the features. %package -n xtables-plugins Summary: Match and target extension plugins for iptables Group: Productivity/Networking/Security Conflicts: iptables < 1.4.18 %description -n xtables-plugins Match and Target Extension plugins for iptables. %package -n libipq0 Summary: Library to interface with the (old) ip_queue kernel mechanism Group: System/Libraries %description -n libipq0 The Netfilter project provides a mechanism (ip_queue) for passing packets out of the stack for queueing to userspace, then receiving these packets back into the kernel with a verdict specifying what to do with the packets (such as ACCEPT or DROP). These packets may also be modified in userspace prior to reinjection back into the kernel. ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! %package -n libipq-devel Summary: Development files for the ip_queue kernel mechanism Group: Development/Libraries/C and C++ Requires: libipq0 = %version %description -n libipq-devel The Netfilter project provides a mechanism (ip_queue) for passing packets out of the stack for queueing to userspace, then receiving these packets back into the kernel with a verdict specifying what to do with the packets (such as ACCEPT or DROP). These packets may also be modified in userspace prior to reinjection back into the kernel. ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! %package -n libiptc0 Summary: Library for low-level ruleset generation and parsing Group: System/Libraries %description -n libiptc0 libiptc ("iptables cache") is used to retrieve from the kernel, parse, construct, and load new rulesets into the kernel. %package -n libiptc-devel Summary: Development files for libiptc, a packet filter ruleset library Group: Development/Libraries/C and C++ Requires: libiptc0 = %version %description -n libiptc-devel libiptc ("iptables cache") is used to retrieve from the kernel, parse, construct, and load new rulesets into the kernel. %package -n libxtables12 Summary: iptables extension interface Group: System/Libraries %description -n libxtables12 This library contains all the iptables code shared between iptables, ip6tables, their extensions, and for external integration for e.g. iproute2's m_xt. %package -n libxtables-devel Summary: Headers and manpages for iptables Group: Development/Libraries/C and C++ Requires: libxtables12 = %version %description -n libxtables-devel This library contains all the iptables code shared between iptables, ip6tables, their extensions, and for external integration for e.g. Link your extension (iptables plugins) with $(pkg-config xtables --libs) and place the plugin in the directory given by $(pkg-config xtables --variable=xtlibdir). %prep %setup -q %patch -P 3 -P 4 -P 5 -p1 %build # We have the iptables-batch patch, so always regenerate. if true || [ ! -e configure ]; then ./autogen.sh fi # bnc#561793 - do not include unclean module in iptables manpage rm -f extensions/libipt_unclean.man # includedir is overriden on purpose to detect projects that # fail to include libxtables_CFLAGS %configure --includedir="%_includedir/%name" --enable-libipq make %{?_smp_mflags} %install make DESTDIR=%buildroot install # iptables-apply is not installed by upstream Makefile install -m0755 iptables/iptables-apply %buildroot%_sbindir/ install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/ rm -f "%buildroot/%_libdir"/*.la %if 0%{?suse_version} %fdupes %buildroot/%_prefix %endif %post -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig %post -n libiptc0 -p /sbin/ldconfig %postun -n libiptc0 -p /sbin/ldconfig %post -n libxtables12 -p /sbin/ldconfig %postun -n libxtables12 -p /sbin/ldconfig %files %defattr(-,root,root) %license COPYING %doc %_mandir/man1/ip* %doc %_mandir/man8/ip* %_bindir/iptables-xml %_sbindir/iptables %_sbindir/iptables-apply %_sbindir/iptables-batch %_sbindir/iptables-restore %_sbindir/iptables-save %_sbindir/ip6tables %_sbindir/ip6tables-batch %_sbindir/ip6tables-restore %_sbindir/ip6tables-save %_sbindir/xtables-multi %files nft %defattr(-,root,root) # is provided by netcfg %exclude %_sysconfdir/ethertypes %_sbindir/*-compat* %_sbindir/*-translate* %files -n xtables-plugins %defattr(-,root,root) %_libdir/xtables/ %_sbindir/nfnl_osf %_mandir/man8/nfnl_osf.8* %_datadir/xtables/ %files -n libipq0 %defattr(-,root,root) %_libdir/libipq.so.0* %files -n libipq-devel %defattr(-,root,root) %doc %_mandir/man3/libipq* %doc %_mandir/man3/ipq* %dir %_includedir/%name/ %_includedir/%name/libipq* %_libdir/libipq.so %_libdir/pkgconfig/libipq.pc %files -n libiptc0 %defattr(-,root,root) %_libdir/libiptc.so.0* %_libdir/libip4tc.so.0* %_libdir/libip6tc.so.0* %files -n libiptc-devel %defattr(-,root,root) %dir %_includedir/%name/ %_includedir/%name/libiptc* %_libdir/libip*tc.so %_libdir/pkgconfig/libip*tc.pc %files -n libxtables12 %defattr(-,root,root) %_libdir/libxtables.so.12* %files -n libxtables-devel %defattr(-,root,root) %dir %_includedir/%name/ %_includedir/%name/xtables.h %_includedir/%name/xtables-version.h %_libdir/libxtables.so %_libdir/pkgconfig/xtables.pc %changelog